0

我有 4 个 if/else 条件,在 4 个中只有 3 个可以正常工作,条件中的值将具有数字和文本的组合,这是否会导致问题。

我不确定,有人可以告诉我这是否导致了问题,还有其他方法可以做到这一点。

在下面的代码中,我提到了从表单传递的 2 个变量的值。在这种情况下,理想情况下它应该进入第 3 个 If 条件,但它会进入第 4 个 if 条件。

我的php代码的一部分:

    echo "category :".$option." ".$suboption." "; //Values displayed for $option is 4 and $suboption is Nitrogen

    if ($option==0 && $suboption==0)
        $dc=mysql_query("SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER ORDER BY Ac_code, Prod_desc");
    else{
        if($option==0 && $suboption!=0)
            $dc=mysql_query("SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Prod_desc='$suboption' ORDER BY Ac_code, Prod_desc");
        else{
           if($option!=0 && $suboption!=0)
               $dc=mysql_query("SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Ac_code='$option' AND Prod_desc='$suboption' ORDER BY Ac_code, Prod_desc");
           else{
               if($option!=0 && $suboption==0)
                  $dc=mysql_query("SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Ac_code='$option' ORDER BY Ac_code, Prod_desc");
           }
        }
    }
4

4 回答 4

1

这是糟糕的代码。

  1. 不要使用太多 if else 条件,根据您的条件定义变量并使用 switch case,或者使用else if

  2. 不要将字符串“nitrogen”与数字 0 进行比较

见:http ://codepad.org/8a4qFgmf

.

   <?php
    $myVar = ('Nitrogen' == 0);
    var_dump($myVar);  // THIS IS TRUE
    ?>
于 2013-01-11T06:22:07.997 回答
1

做更多这样的事情怎么样(尽管这对于用户定义的数据仍然不安全(需要正确转义)

<?php

function array_map_assoc( $callback , $array ){
    $r = array();
      foreach ($array as $key=>$value)
            $r[$key] = $callback($key,$value);
        return $r;
}

function funtimes($option, $suboption) {
  $query = "SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER%sORDER BY Ac_code, Prod_desc";
  $clause = array("Ac_code" => $option, "Prod_desc" => $suboption);
  $clause = array_filter($clause);
  $where = ' ';
  if (count($clause)) {
    $where = " WHERE " . implode(', ',array_map_assoc(function($k,$v){return "$k='$v'";},$clause)) . " ";
  }
  echo "For option=$option, suboption=$suboption\n";
  echo sprintf($query, $where);
  echo "\n\n";
}

funtimes(0, 0);
funtimes(1, 0);
funtimes(0, 1);
funtimes(1, 1);

输出

For option=0, suboption=0
SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER ORDER BY Ac_code, Prod_desc

For option=1, suboption=0
SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Ac_code='1' ORDER BY Ac_code, Prod_desc

For option=0, suboption=1
SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Prod_desc='1' ORDER BY Ac_code, Prod_desc

For option=1, suboption=1
SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER WHERE Ac_code='1', Prod_desc='1' ORDER BY Ac_code, Prod_desc

现在您有了正确的查询,所以只需执行它。

于 2013-01-11T06:37:49.273 回答
1

是的,可以清理代码,但是对于您的代码,如果您的输入是数字和文本,并且如果 0 表示没有选项,并且空字符串表示没有选项(这看起来像您在做什么),那么将条件替换为

if ($option==0 && $suboption==0)
to
if ($empty(option) && empty($suboption))

同样。

我会写这样的代码

$qry = 'SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER';
$where = ' WHERE ';
$post = ' ORDER BY Ac_code, Prod_desc';
$clause = '';
if(!empty($option))
{
    $clase = $where . " Ac_code='$option'";
    $where = " AND ";
}
if(!empty($suboption))
{
    $clase = $where . " Prod_desc='$suboption'";
}
于 2013-01-11T07:00:44.123 回答
0

虽然我同意 DhruvPathak,但这里是您的代码清理了一下。Switch 可能不是最佳选择,因为您要比较两件事,而不仅仅是一件。

//initialize variables
$option = $suboption = 0;

// get option values
//...your code here...

$sql = "SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER";
if ($option!=0 && $suboption==0) {
   $sql .= " WHERE Ac_code='$option'";
}
elseif($option==0 && $suboption!=0) {
   $sql .= " WHERE Prod_desc='$suboption'";
}
elseif($option!=0 && $suboption!=0) {
   $sql .= " WHERE Ac_code='$option' AND Prod_desc='$suboption'";
}
$sql .= " ORDER BY Ac_code, Prod_desc";
$dc = mysql_query($sql);

请注意,如果您通过 GET 或 POST 获取选项和子选项值,这些查询可能会受到 SQL 注入攻击。还有更好的方法来获取数据。

根据您的反馈,这行得通吗?

$sql = "SELECT Ac_code, Prod_desc, Capacity FROM RATEMASTER";
if ($option!=0) {
   $sql .= " WHERE Ac_code='$option'";
   if ( (int)$suboption >= 0 || strlen($suboption) > 1)
      $sql .= " AND Prod_desc='$suboption'";
}
elseif($option==0 && ((int)$suboption >= 0 || strlen($suboption) > 1) ) {
   $sql .= " WHERE Prod_desc='$suboption'";
}
$sql .= " ORDER BY Ac_code, Prod_desc";
于 2013-01-11T06:40:12.003 回答